| Message ID | 1508875212-29753-2-git-send-email-odpbot@yandex.ru |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [API-NEXT,v2,1/3] api: ipsec: rework ODP_IPSEC_SA_DISABLE into packet error | expand |
On Tue, Oct 24, 2017 at 3:00 PM, Github ODP bot <odpbot@yandex.ru> wrote: > From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org> > > According to the discussion on mailing list, most of implementations > will not be able to support odp_ipsec_sa_disable() status event > directly. Instead they will submit a dummy packet to that SA. Then > after receiving this packet after odp_ipsec_result() will detect this > packet and will report it as a packet with > odp_ipsec_error_t->sa_disabled bit set. > > Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org> > Cc: Nikhil Agarwal <nikhil.agarwal@linaro.org> > Cc: Balasubramanian Manoharan <bala.manoharan@linaro.org> > --- > /** Email created from pull request 256 (lumag:ipsec_sa_disable_v2) > ** https://github.com/Linaro/odp/pull/256 > ** Patch: https://github.com/Linaro/odp/pull/256.patch > ** Base sha: 825f75ed8644ef57c5648961e7982daf13cd9375 > ** Merge commit sha: cc282d667b3abb92a45a0f287d68f16850481ba8 > **/ > include/odp/api/spec/ipsec.h | 44 ++++++++++++++++++++---------- > -------------- > 1 file changed, 20 insertions(+), 24 deletions(-) > > diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h > index 26e852fca..ea0ead1ce 100644 > --- a/include/odp/api/spec/ipsec.h > +++ b/include/odp/api/spec/ipsec.h > @@ -843,10 +843,12 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const > odp_ipsec_sa_param_t *param); > * > * When in synchronous operation mode, the call will return when it's > possible > * to destroy the SA. In asynchronous mode, the same is indicated by an > - * ODP_EVENT_IPSEC_STATUS event sent to the queue specified for the SA. > The > - * status event is guaranteed to be the last event for the SA, i.e. all > - * in-progress operations have completed and resulting events (including > status > - * events) have been enqueued before it. > + * artificial packet event sent to the queue specified for the SA having > + * sa_disabled error bit set in the odp_ipsec_packet_result_t returned by > + * odp_ipsec_result(). The packet is guaranteed to be the last event for > + * the SA, i.e. all in-progress operations have completed and resulting > events > + * (including status events) have been enqueued before it. No packets > will come > + * from SA after this one. > * > * @param sa IPSEC SA to be disabled > * > @@ -914,6 +916,12 @@ typedef struct odp_ipsec_error_t { > > /** Hard lifetime expired: packets */ > uint32_t hard_exp_packets : 1; > + > + /** > + * SA is disabled, all packets are processed, it is > + * safe to destroy it now. > + */ > + uint32_t sa_disabled : 1; > }; > > /** All error bits > @@ -927,7 +935,13 @@ typedef struct odp_ipsec_error_t { > > } odp_ipsec_error_t; > > -/** IPSEC warnings */ > +/** > + * IPSEC warnings > + * > + * For outbound SAs in ODP_IPSEC_OP_MODE_INLINE mode warnings can be > reported > + * only as status events. In all other cases warnings are reported either > as > delete "either" and reflow comment. > + * a part of IPsec packet result metadata. > + */ > typedef struct odp_ipsec_warn_t { > /** IPSEC warnings */ > union { > @@ -1133,15 +1147,6 @@ typedef struct odp_ipsec_packet_result_t { > * IPSEC status ID > */ > typedef enum odp_ipsec_status_id_t { > - /** Response to SA disable command > - * > - * Following status event (odp_ipsec_status_t) fields have valid > - * content, other fields must be ignored: > - * - sa: The SA that was requested to be disabled > - * - result: Operation result > - */ > - ODP_IPSEC_STATUS_SA_DISABLE = 0, > - > /** Warning from inline IPSEC processing > * > * Following status event (odp_ipsec_status_t) fields have valid > @@ -1152,7 +1157,7 @@ typedef enum odp_ipsec_status_id_t { > * This status event is generated only for outbound SAs in > * ODP_IPSEC_OP_MODE_INLINE mode. > */ > - ODP_IPSEC_STATUS_WARN > + ODP_IPSEC_STATUS_WARN = 0 > > } odp_ipsec_status_id_t; > > @@ -1166,13 +1171,6 @@ typedef struct odp_ipsec_status_t { > /** IPSEC SA that was target of the operation */ > odp_ipsec_sa_t sa; > > - /** Result of the operation > - * > - * 0: Success > - * <0: Failure > - */ > - int result; > - > /** Warnings of an ODP_IPSEC_STATUS_WARN status event */ > odp_ipsec_warn_t warn; > > @@ -1469,8 +1467,6 @@ int odp_ipsec_result(odp_ipsec_packet_result_t > *result, odp_packet_t packet); > * > * @retval 0 On success > * @retval <0 On failure > - * > - * @see odp_ipsec_sa_disable() > */ > int odp_ipsec_status(odp_ipsec_status_t *status, odp_event_t event); > > >
> delete "either" and reflow comment.
done
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 26e852fca..ea0ead1ce 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -843,10 +843,12 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param); * * When in synchronous operation mode, the call will return when it's possible * to destroy the SA. In asynchronous mode, the same is indicated by an - * ODP_EVENT_IPSEC_STATUS event sent to the queue specified for the SA. The - * status event is guaranteed to be the last event for the SA, i.e. all - * in-progress operations have completed and resulting events (including status - * events) have been enqueued before it. + * artificial packet event sent to the queue specified for the SA having + * sa_disabled error bit set in the odp_ipsec_packet_result_t returned by + * odp_ipsec_result(). The packet is guaranteed to be the last event for + * the SA, i.e. all in-progress operations have completed and resulting events + * (including status events) have been enqueued before it. No packets will come + * from SA after this one. * * @param sa IPSEC SA to be disabled * @@ -914,6 +916,12 @@ typedef struct odp_ipsec_error_t { /** Hard lifetime expired: packets */ uint32_t hard_exp_packets : 1; + + /** + * SA is disabled, all packets are processed, it is + * safe to destroy it now. + */ + uint32_t sa_disabled : 1; }; /** All error bits @@ -927,7 +935,13 @@ typedef struct odp_ipsec_error_t { } odp_ipsec_error_t; -/** IPSEC warnings */ +/** + * IPSEC warnings + * + * For outbound SAs in ODP_IPSEC_OP_MODE_INLINE mode warnings can be reported + * only as status events. In all other cases warnings are reported either as + * a part of IPsec packet result metadata. + */ typedef struct odp_ipsec_warn_t { /** IPSEC warnings */ union { @@ -1133,15 +1147,6 @@ typedef struct odp_ipsec_packet_result_t { * IPSEC status ID */ typedef enum odp_ipsec_status_id_t { - /** Response to SA disable command - * - * Following status event (odp_ipsec_status_t) fields have valid - * content, other fields must be ignored: - * - sa: The SA that was requested to be disabled - * - result: Operation result - */ - ODP_IPSEC_STATUS_SA_DISABLE = 0, - /** Warning from inline IPSEC processing * * Following status event (odp_ipsec_status_t) fields have valid @@ -1152,7 +1157,7 @@ typedef enum odp_ipsec_status_id_t { * This status event is generated only for outbound SAs in * ODP_IPSEC_OP_MODE_INLINE mode. */ - ODP_IPSEC_STATUS_WARN + ODP_IPSEC_STATUS_WARN = 0 } odp_ipsec_status_id_t; @@ -1166,13 +1171,6 @@ typedef struct odp_ipsec_status_t { /** IPSEC SA that was target of the operation */ odp_ipsec_sa_t sa; - /** Result of the operation - * - * 0: Success - * <0: Failure - */ - int result; - /** Warnings of an ODP_IPSEC_STATUS_WARN status event */ odp_ipsec_warn_t warn; @@ -1469,8 +1467,6 @@ int odp_ipsec_result(odp_ipsec_packet_result_t *result, odp_packet_t packet); * * @retval 0 On success * @retval <0 On failure - * - * @see odp_ipsec_sa_disable() */ int odp_ipsec_status(odp_ipsec_status_t *status, odp_event_t event);